System Requirements

Security Management Requirements

You can manage R80.20SP 60000 / 40000 Scalable Platforms with these versions of Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS.:

R80.30 (see sk144293), and higher
R80.20.M2 (see sk123473)
R80.20 (see sk122485)
R80.10 (see PMTR-22521 and MBS-2739 in Jumbo Hotfix Accumulator for R80.10):
1. Install the R80.10 Jumbo Hotfix Accumulator Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA. Take 214 or higher
2. Install the R80.10 SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. Build 89 or higher (refer to R80.10 SmartConsole Releases)

Security Gateway Requirements

Supported Security Gateway Software Blades and Features

Software Blade or Feature	Gateway Mode	VSX Mode
Firewall	Yes	Yes
SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway.	Yes	Yes
IPsec VPN Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access.	Yes - IPv4 only	Yes - IPv4 only
IPS Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System).	Yes	Yes
Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.	Yes	Yes
Threat Emulation - MTA	Yes	Yes
Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.	Yes	Yes
Anti-Bot Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.	Yes	Yes
Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.	Yes	Yes
URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.	Yes	Yes
Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.	Yes	Yes
Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA.	Yes	Yes
Data Loss Prevention Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.	Yes - IPv4 only	Not supported
Content Awareness Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. See sk119715. Acronym: CTNT.	Yes	Yes
Mobile Access Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB.	Yes	Yes
Anti-Spam Check Point Software Blade on a Security Gateway that provides comprehensive protection for email inspection. Synonym: Anti-Spam & Email Security. Acronyms: AS, ASPAM. & Email Security	Yes	Not supported
Dynamic Routing and Multicast	Yes	Yes
QoS Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency.	Not supported	Not supported
Mirror and Decrypt The Mirror and Decrypt feature on a Security Gateway or Cluster (in versions R80.40 and higher) that performs these actions: (1) Mirror only of all traffic - Clones all traffic (including HTTPS without decryption) that passes through, and sends it out of the designated physical interface. (2) Mirror and Decrypt of HTTPS traffic - Clones all HTTPS traffic that passes through, decrypts it, and sends it in clear-text out of the designated physical interface. Acronym: M&D.	Yes	Yes
ICAP Server The ICAP Server functionality in your Security Gateway or Cluster (in versions R80.40 and higher) enables it to interact with an ICAP Client requests, send the files for inspection, and return the verdict.	Not supported	Not supported
ICAP Client The ICAP Client functionality in your Security Gateway or Cluster (in versions R80.40 and higher) enables it to interact with an ICAP Server responses (see RFC 3507), modify their content, and block the matched HTTP connections.	Yes	Yes
Support for using NAT64 and NAT46 objects in Access Control Policy	Not supported	Not supported

Notes:

Read the Scalable Platforms Known Limitations in sk148074.
Read the R80.20 Known Limitations in sk122486.
To learn about the differences between R80.20 and R80.20SP versions, see sk147033.

To learn about the differences between different Scalable Platform versions, see sk173183.
To learn about the differences between R80.20SP and R76SP.50 versions, see sk147852.

Compatibility with Clients

For the list of Endpoint clients that are supported by this release, see the R80.20SP Quantum Scalable Chassis Release Notes.

Maximum Supported Number of Interfaces

The maximum number of supported interfaces on the 60000 / 40000 Scalable Platforms:

Mode	Max Number of Interfaces	Notes
Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.	1024	Includes all interface types (Bonds, Physical, VLAN, Warp). For more information, see sk113255, and search for 01164020.
VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.	4096	Includes all interface types (Bonds, Physical, VLAN, Warp). For more information, see sk113255, and search for 01164020.
Virtual System Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS.	250

Mode

Max Number of Interfaces

Notes

Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.

1024

Includes all interface types (Bonds, Physical, VLAN, Warp).

For more information, see sk113255, and search for 01164020.

VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.

4096

Includes all interface types (Bonds, Physical, VLAN, Warp).

For more information, see sk113255, and search for 01164020.

Virtual System Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS.

250